Zeljka Zorz
“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library
Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security …
International law enforcement effort pulls off Emotet botnet takedown
Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today. “The Emotet infrastructure essentially …
Apple fixes three actively exploited iOS zero-days
Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two …
Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)
A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged …
Cybersecurity marketing: Always think of the customer
In early January, LogMeIn announced that Jamie Domenici will join the company as its new Chief Marketing Officer. Domenici is a cloud marketing veteran, and the majority of …
Business executives targeted with Office 365-themed phishing emails
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office …
Security researchers targeted by North Korean hackers
Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and …
SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products?
On Friday evening, SonicWall announced that it “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable …
Zero trust: A solution to many cybersecurity problems
The SolarWinds hack and the never-ending stream of revelations about the attackers’ tools, techniques and other targets has been occupying the minds of CISOs and …
Bugs in Signal, other video chat apps allowed attackers to listen in on users
Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users’s surroundings. The vulnerabilities – in Signal, Google Duo, Facebook …
Malwarebytes was breached by the SolarWinds attackers
A fourth malware strain wielded by the SolarWinds attackers has been detailed by Symantec researchers, followed by the disclosure of the attackers’ ingenous lateral …
Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache …